| CVE-2026-48710 |
medium |
6.5 |
6.5 |
|
|
|
9d ago |
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks |
| CVE-2025-62727 |
unknown |
— |
— |
|
|
|
7mo ago |
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-ti… |
| CVE-2025-54121 |
unknown |
— |
— |
|
|
|
11mo ago |
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part … |
| CVE-2024-47874 |
unknown |
— |
— |
|
|
|
2y ago |
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buff… |
| CVE-2023-29159 |
unknown |
— |
— |
|
|
|
3y ago |
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. |
| CVE-2023-30798 |
unknown |
— |
— |
|
|
|
3y ago |
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause e… |
